A group known as LulzSec Reborn is taking credit for the recent hack of a dating website where military men and women can find a spouse who is either in the military or interested in dating someone in the military. The hacker group disclosed sensitive information it had accessed on approximately 170,000 members of the online dating site. LulzSec Reborn was able to breach the system without being detected.
The dating website made several mistakes with its security. One was that it had no breach detection. Even after LulzSec Reborn claimed to have breached the website and released information from its database, Military Singles administrators denied that they had been hacked. To infiltrate the website, LulzSec used the file-upload mechanism to upload arbitrary data onto the web servers. The file-upload mechanism is normally used to upload pictures, which a dating website needs. The website's code did not properly validate uploaded files, so files that were not pictures were accepted. The website also failed to segregate users' uploaded files from critical servers. Lastly, the hashing of users' passwords was very basic and outdated, which allowed LulzSec to crack user passwords. If these safeguards had been working properly, the hack might never have occurred.
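The upload-validation failure described above, shown from the defender's side as an added example (not code from the affected website): a picture upload is accepted only if its content starts with a known image signature, and it is stored under a server-chosen name. The function names, size limit and sample bytes are assumptions constructed for illustration.

```python
import os
import secrets
import tempfile

# Leading "magic" bytes of the image formats this example accepts.
IMAGE_SIGNATURES = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit for a profile picture


def sniff_image_extension(data: bytes):
    """Return the extension implied by the content, or None if it is not an image."""
    for magic, ext in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def store_profile_picture(client_filename: str, data: bytes, upload_dir: str) -> str:
    """Validate an upload and store it; raise ValueError if it is not an accepted image."""
    if not data or len(data) > MAX_UPLOAD_BYTES:
        raise ValueError("empty or oversized upload")
    ext = sniff_image_extension(data)
    if ext is None:
        raise ValueError("content is not an accepted image type")
    # The claimed extension must agree with what the bytes actually are.
    claimed = os.path.splitext(client_filename)[1].lower()
    if claimed not in (ext, ".jpeg" if ext == ".jpg" else ext):
        raise ValueError("extension does not match content")
    # The client-supplied name never becomes part of the stored path.
    stored_name = secrets.token_hex(16) + ext
    path = os.path.join(upload_dir, stored_name)
    # O_EXCL refuses to overwrite; mode 0o640 leaves the file non-executable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    demo_dir = tempfile.mkdtemp()  # stands in for storage kept apart from the web server
    print(store_profile_picture("me.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16, demo_dir))
    try:
        store_profile_picture("photo.png", b"#!/bin/sh\n", demo_dir)  # constructed non-image
    except ValueError as err:
        print("rejected:", err)
```

A signature check alone does not stop a file that is both a valid image and something else, so re-encoding accepted images and serving them from storage that never executes content complements it.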
2nd article 5/10